 We've introduced public key cryptography, so we got to There's an alternative to symmetric key cryptography where we use instead of the same key at both sides We use different keys for encrypt and decrypt and there's Really two different modes in which we use public key cryptography one is for confidentiality Keeping our message secret and the other mode is to use it for authentication so that we can Make sure that things aren't modified along the way and make sure that the person sending it is The right person and they're very similar except we use the keys in the different direction so for confidentiality We encrypt with the destination's public key and the destination decrypts with their private key So the assumption is that to successfully encrypt and then decrypt We must use the same keys in the key pair But the opposite one that is if we encrypt with one key in the key pair Then it will only decrypt using the other key from that same key pair if you try to decrypt with a different key It won't work What I mean by it won't work. We won't get the original plain text So the idea here is that if we encrypt with the public key of B We get some ciphertext. The only way to successfully decrypt that ciphertext is to use the private key of B We need to use the other key in the key pair and that's what we do for confidentiality and Why does this keep the message confidential? Well for someone to decrypt the ciphertext They need to know the private key of B if it was encrypted with the public key of B Then you can only decrypt it if you have the private key of B and there's only one person in the world that has the private key of B And that's B So by definition each user has a key pair They keep their private key private, but they can tell anyone their public key So in this case a user a knows the public key of B. It's public you can put it on a website you can announce it in any way you you like and And this is confidentiality because you need the private key to decrypt So this provides a one service It turns out the public key cryptography is commonly used for the for authentication for the alternative mode So here what we do is The aim is not to keep the message secret. I don't care if someone sees my message What I care about is that when B receives a message that they know it's from a and they know it hasn't been modified along the way So this is authentication So what we do for this is when a wants to send a message to be a encrypts that using their own private key So here we use the private key of a We get some ciphertext We send that to B to Decrypt we use the public key of a we must use the key or the other key in the key pair It was encrypted with PRA. We can only decrypt with Pua and When we decrypt if it successfully decrypts, what does that mean? If the decryption is successful, what does that imply in this case? It's it's right. It's verified there's something about the private key is the And the next step you're both correct, but what's what do we care? Why do we want to do this again? We want to verify that the message we got was from a are we sure of that? How do we know that the case in this one? How does B know after they decrypt this that for sure it came from a? How do they know that if it decrypts with the public key of a Then it implies it must have been encrypted using the private key of a Okay, so and there's only one person in the world that has the private key of a it's a So this is the the way to check that this message must have come from a No one else can create an encrypted message Such that it decrypts successfully with the public key of a because the only Ciphertext that will decrypt with the public key of a is that which was encrypted with the private key of a and the only person Who can encrypt something with the private key of a is a? So this is the authentication taking place of if it successfully decrypts Then it confirms it was from a it also means that It was not modified along the way so this is authentication and We'll see a small extension of this and and This is used for what we call a digital signature It's effectively a signing the message a has a message to send to be a signs the message Such that when B receives that message they can confirm yes It was from a and it acts as some form of proof like your signature acts as proof on some document that it came from you And that's one of the main uses of public key cryptography So in this case, let's look what the attacker can do Let's consider that and see well as a malicious user. What could we try to do to try and defeat that system? So again, we have our user a and B That's list the information they know What's known for example a has its own public private key pair And B does as well, but we don't use bees key pair in this case They both know the encryption and decryption algorithm. Let's be complete. They know the functions being used and We'll list some example algorithms that are used there. So they know that B also knows the public key of a that's the assumption here And in fact, that's an important assumption that is if a has its own key pair There's somehow it distributes the public key to everyone else So somehow be learnt the public key of a and that's quite easy We think that is right if I want to make my public keys Public maybe I can do is attach it to the bottom of my emails post it on a website printed in a newspaper But any way that we can make an announcement but in practice There's an issue of And we will not discuss it yet, but there is an issue of how do you do that in a secure manner? But for now assume B knows the public key of a That's what's known at a and B So the steps are that a takes the message and encrypts it with So we start with a message and we're going to encrypt with the pub the private key of a That message and send that to be that's what's sent So we know the encryption algorithm a knows its own private key It knows the message it wants to send it sends that to be what does be do when they receive what does be do? it decrypts so Sometimes I write that as simply see the ciphertext B take the steps of decrypting So decrypt Using some key C The ciphertext received which key do they decrypt with public key of a We decrypt the received ciphertext with the public key of a because this message came from a We're trying to confirm did it really come from a and to do so we decrypt with the public key of a and what do we get as an output? M It's successfully decrypts and again same with symmetric key encryption. We assume we will know if it's successful or not when we decrypt Later we'll see a more practical way to do that, but we assume that somehow Anyone who decrypts knows whether the decryption was successful or not For example the message makes sense So this is the normal approach Let's see what the malicious user can do. So that's just the same as the slide. What if the malicious user was there? What can they try to do? I'll draw it again, but not in full Again a wants to send a B a sends C which is equal to the encrypted Message using the private key They send that Let's consider an attacker now What if a malicious user intercepts and the role of the malicious user they want to change the message or they want to so now they want to change the message and Make a modification such that B will not detect it What can they try? malicious user gets it before it gets to be Can they see the message? You're the malicious user. Can you see the message? How do you see it? How do you obtain it? You decrypt this using the public key of a So yes, you can see the message. This does not provide confidentiality. So Anyone can decrypt this Because the public key of a is available to everyone So we can decrypt this we obtain M and we know the message What if we want to modify M to something different and then forward on to be and with the hope that B will think It's the original message that a sent. How can we do that as the malicious user? Try see what you can do but as the message comes to our malicious user and they want to Obtain the message. Okay, they can decrypt. Yes, and they get M when they decrypt So they know the message now. Let's say they change it to M prime With the aim of sending it on to B So if they change the message and they want a to think that it Sorry, they want B to think that it still came from a and they change the message to M prime and Encrypted using what key? This is what the malicious user does They've modified the message For their purpose and they want to send it on to be and hope that B will think it's from a They can encrypt with which key any key except private key of a so Not just any key. The important point is they cannot Encrypted using the private key of a and I think you see that because of that it won't work So if they try to decrypt it with their own private key for example We try as a malicious user use our own private key private key of the Ran out of space there of the malicious user if I attempt that what happens it arrives at B and let's call that Just to be brief that's called that C prime that is the message the modified message M prime Encrypted with the private key of the malicious user equals C prime B. Does the verification steps when they receive What does B do B decrypts the receive message C prime Thinking the message came from a They decrypt with a public key of a what happens Right. We when we decrypt we somehow know that the decryption doesn't work correctly and therefore something's gone wrong because C prime was obtained by encrypting M prime with the private key of a the malicious user If we try to decrypt that ciphertext using the wrong public key Remember they're not in the same pair then we'll assume that somehow we can detect that that decryption doesn't work that is weak the output we get is recognizably wrong and That's the way for B to verify that this message is not trustworthy We shouldn't trust it So this is due to the fact that C prime was encrypted with a private key of the malicious user, but decrypting trying the public key of a Makes B to be able to identify that that's something's been changed They don't necessarily know what's gone wrong, but they know something's gone wrong and that's sufficient Why did a encrypt with a private key of a because that's this how this scheme works to provide authentication in this case Right to two points one is we assume that the algorithms the encryption and decryption Work such that if we encrypt with one we can only decrypt with the other in the pair And that's that's the assumption of the algorithms encrypt with a private key of a can only decrypt with a public key of a and Vice versa also in confidentiality. We saw the opposite If we encrypt with a public key of B, we can only decrypt with a private key of B So we assume the algorithms really can use the keys in either order and The main algorithm RSA allows that others may not but the main one and use we can swap the key order So why did we use the private key of a because this is acting as some form of signature and then the concept of a signature is the person who signs the message they the only person who can Perform that signature and that acts as some verification that it came from them The only person who can encrypt with the private key of a is a So that's one example of using public key cryptography to provide authentication We're going to see a couple more examples, but in practice So this is actually called a digital signature or the concept of a signature you encrypt with your own private key to sign a document But in practice We We don't necessarily encrypt the entire message We do a modification and instead of encrypting the entire message. Maybe the message is 10 gigabytes What can we do? Don't encrypt the entire message to improve the performance. We could encrypt something else a Hash of the message Okay, so the same concept encrypt using your own private key, but instead of encrypting the entire message Just encrypt a hash of the message because our under our properties of the hash functions we assume that if the messages are different the hash values are different and We revert back to the same properties that we get with this scheme. So in fact in practice To sign something is to encrypt with your private key But the way that digital signatures are used is what do you encrypt with your private key? You don't encrypt the entire message. You just encrypt a hash of the message So we'll go to that as an example But you'll see it it's effectively the same as this except instead of operating on the entire message just on a short part of it that's Where is that? If we just jump Forward a few sides. It's described under the section on signatures digital signatures We just looked at that concept So the example I showed on we calculated was the concept of a user signs a message by Encrypting that message with their own private key. That's the example. We just used we talk about that instead of now talk about Encrypting the message we talk about signing the message We still apply an encryption algorithm But the name of the operation we talk about is signing the message and the user Can attach that signature to the message and send both and the verification We decrypt using the public key of the signer That's the example. We just saw we decrypted the ciphertext using the public key of a and then we compare and check But in practice the way that digital signatures work is that we don't operate on the entire message We operate on the hash of the message So we see the modification here is that we introduced the hash function on the message And I think that's safe to assume from now on when you hear about a digital signature It means Encrypting using your private key The hash of some message and that creates a signature So let's go through that But we'll go through using continuing our example and and try and look at what the malicious user can do because this is a very Widely used application of public key cryptography digital signatures We'll go through it with several Potential attacks So it's going to be similar to this, but now we'll introduce the hash function Any questions before I look at the details of a digital signature? Let's go So we'll consider first just the normal operation of the digital signature and we have a Wants to send a signed message to be I Were not right down, but again, we assume everyone has their own key pair and The other users know other users public keys. So be knows a's public key So we want to send a signed message to be That's all right to be complete. Let's write it down questions We're going to do this Okay, this is the example. We're going to apply where we use the hash function But in fact it turns out it's just a simple extension of the previous one. We did okay I know their slides are a long way away, but the the Authentication using public key cryptography the the practical implementation is a digital signature. It's this Let's write down what a knows a knows Public key of a of course the private key of a B knows the public key of a They know the algorithms who were not write that down But we assume we know the algorithms and hey a has a message to send They want to send a signed message for example. I have a document and When I sign a document and give it to someone The idea of signing it is that when someone receives it they can confirm it was from me and Maybe at a later date they can prove to someone else that it was from me okay, so if you have a signed document signed by Your boss saying here is your contract Then that acts as a form of proof that That that person agreed to it and you could use it later Maybe to prove that yes Your boss did sign the contract and agreed upon your pay for example So acts as a form of proof that it came from a particular user. So we have a message What we do is we calculate the signature for that message and To calculate the signature We call the signature s we encrypt Using the private key of a The hash of the message So there's the difference from our previous example. We've now introduced the hash function Take my message calculate a hash Encrypt that small value Especially if the message is long the hash is usually a fixed size hundreds of bits maybe Encrypt that with a private key and we get our signature What we do is we send both to be the message and the signature we send We send the message concatenated with a signature to be so just join them if the message is one megabyte And the signature is 128 bits send them together What does be do so B wants to decrypt the signature to confirm that it's matches the message Decrypt the signature this the message in this case is Sending the plane plain text send in the clear So we receive s the signature we decrypt that so the first step decrypt s Using what which key If we think the message came from a We must use the public key of a We cannot use it private key of a we don't know it. We only know the public key of a Decrypt the signature using the public key of a What do we get as an output? Look carefully what? The hash of m should be the output S is the hash of n m encrypted with the private key of a therefore when we decrypt We'll get the hash of m as output Oh, I'll write it as x and we'll Let's say we get some output called x What do we do next it be when we get that output? What's the next step? Remember we have a message What we do is the next step is take a hash of that message we received So it's two steps here decrypt the signature and obtain some value. Let's call it x step two take a hash of the message received and Now compare if the hash of the message equals x Then we're okay That's the general procedure here Compare these two values If the decrypted signature matches the hash of the received messages of the received message therefore assume that everything was okay The message verifies if they're not equal don't trust it assume the message verification failed They should be equal as we see as long as nothing's been modified because we Expect the hash of m to come out. So x should be the hash of m as long as nothing's modified therefore X will be equal to the hash of the message Any questions on the the normal operation? This is when there's no attacker, okay? Yes, all right good Let's consider what the malicious user can do and see why this scheme works So that to understand why it works. It's good to look. What if the malicious user tries something? What can we try? I'm gonna start it again Let's say we send a message and the malicious user intercepts Again, we send the message concatenated with s Our malicious user intercepts that and like before we try to change the message and send it on to be Can we do that? Can we change the message? Yes, the message is not encrypted. The message is sent in plain text. So it's easy to change it So let's try m as writer as m prime That's the modified message concatenated with The signature in this case. Let's keep the same signature So in this example The malicious user just modifies the message. It keeps the signature as before Exactly the same sequence of bits in the signature And that's easy to do because we know for example the signature is a certain size So if we're using md5, it will be 128 bits So all we do is we take this what's received take the last 128 bits and attach it to our new message What does be do? try Go through the steps of be verifying that message first step Decrypt the signature. All right x Decrypt the signature again. We think the message is from a using the public here a So we decrypt the signature. We get some value x. We'll use it in a moment the second step take a hash of the received message m prime So the modified messages. We don't know it's modified yet. We're trying to check and now compare true or false when we compare We compare our x the tell the value we obtain here with the hash of m prime When we compare them, what do we get? Why are they for why are they not the same? because decrypting s with the public key of a Obtains hash of m Because the hash of the m encrypted with the private key of a was the value of s. So x is the hash of m We compare that with a hash of m prime M and m prime are different therefore our assumption about the hash values They will also be different the hash of two different messages produces two different hash values So when we compare them We find out they are not the same and Therefore we've detected something goes wrong the verification has failed we say B knows something's gone wrong Any questions on that attack and why it fails? so what What will you do as a malicious user? What will you try next if that didn't work? What could you try? Right if we change the message We will need to also change the signature Because we see here if we change the message, but not the signature B will detect that so if we're trying to Modify the message we must also modify the signature. So let's go through it. We've seen it before but let's Be complete Just draw this one again so again we a sends the original message concatenated with the signature our malicious user intercepts Modifies and sends it on to B and what do they do to modify in this case the second case? Let's say they send M prime With a signature I'll denote as S prime where S prime is Calculated by the malicious user as encrypting The hash of M prime So the malicious user finds a new message calculates the hash and encrypts that with what? Some private key which is say the private key of the malicious user And I think we've seen before you know it can't be the private key of a They they cannot know it here. So they use some other private key We send that on to B B receives and tries the verification steps. What do we do? We calculate X? Decrypt with which key? The public key of a we think it came from a therefore we will always use the public key of a We obtain some value X we calculate The hash of the receive message H of M prime and compare Are they equal? so we compare our obtained X with the hash of M prime and we Realize they're not equal. Why are they not equal? because of the X in this case that is H of M prime was encrypted with the private key of the malicious user When we decrypt it with the wrong key That is we decrypt it from a key from a different key pair We'll get a value which is not the plain text So the plain text was the hash of M prime Encrypted with PR of the malicious user decrypt with the public key of a the value X will not be the original plain text That is X will not be hash of M prime Which means X does not equal hash of M prime and therefore we've failed again That is the verification fails the attack fails so authentication has been successful in that We'd be able to detect whether something goes wrong or not So this is because of using the wrong key here The way for malicious user to be successful. They need to know the private key of a Which we assume they do not The other one which will not draw but as an extension of this is the malicious user performing a masquerade attack These are modification attacks where we modify something along the way The other case is that malicious user just generates Generates a message Saying this is from a sends it on and again the similar to this case if malicious user creates a message They need to create the correct signature and the correct signature Uses the private key of a because when B receives the message. They're always going to use the public key of a to verify So malicious user will not be able to generate a correct message without the private key of a This scheme has an Important assumption that if that doesn't hold it all fails and in practice that it may be a hard assumption to make true How could the malicious user defeat this scheme assuming they cannot find the private key of a? How else could they try and defeat this scheme and it happens in practice in some systems? malicious user wants to send a message to be and be think it's from a and When B verifies the verification is successful and therefore the malicious user has Successfully attacked how can that work and it comes back to our first Assumption Right at the top. We assume that B had the public key of a How to be get the public key of a well a posted on his website Saying here's my public key or send it in an email. So announced it to the world this attack or this system fails if the malicious user can convince B that some public key Belongs to a when it in fact belongs to the malicious user So if the malicious user could convince B to think the public key of the malicious user is the public key of a Then the malicious user can do an attack So it relies on the fact that B knows for sure that this public key The sequence of bits is in fact belonging to a it doesn't belong to someone else So that's an important part and a hard thing to deal with in some practical systems You receive a public key and I tell you here's the public key of Steve. I put it on my website How do you know for sure? It's my public key Maybe someone Hacked into my website and put a public key saying this is the public key of Steve But it's in fact a public key of the malicious user So in fact the way that we obtain the public is an important step in practice For now we assume that somehow we know it when we look at Towards the end of the semester will look at website security and digital certificates And they use these concepts of signatures and some of these problems of Distributing public keys becomes important any last questions on signatures Let's return to our lecture notes and see what we've missed jump back to Public key this topic has many different Subtopics we're going to skip a few to try and finish it today so we can move on to the next topic next week Let's review what we know so far We have a public-private key pair and in practice each user generates their own key pair so When you say I have my own public-private key pair There's an algorithm for me to create those keys They're not chosen randomly and the algorithm depends upon the the specific implementation we're using To use for confidentiality encrypt with the destinations public key Okay, you want to send a secret message to someone You need to know their public key and you encrypt with their public key such that only they can decrypt Because only they have their private key For authentication you encrypt with your private key Because only I have my private key so our acts is proof to the receiver that the message came from me and What we just saw with digital signatures It's just an extension of this instead of encrypting the message in full. We encrypt a hash of the message There are different algorithms. So what is E and D in all these steps? There are several different algorithms RSA is the most widely used one. It's been around the longest. Well, maybe not the longest But it's it's the most widely used And you'll see it a lot But there are some variants or there's some others some general techniques called elliptic curve Cryptography Diffie-Hellman. We may see some examples of that and there's something called the digital signature standard Not all algorithms work for both Confidentiality and authentication RSA works for both What's the difference here? Look at the difference. It's just the order of the keys Okay, confidentiality public key to encrypt private key to decrypt Authentication private key to encrypt public key to decrypt. That's all that's different here RSA algorithm allows that allows you to use the keys in either order other algorithms like the digital signature standard do not allow that So some are only used for digital signatures Some are used It can also be used for encrypting for confidentiality Some like Diffie-Hellman are just used for exchanging secrets, but we will not see that until later Later in the semester So there are several different algorithms for public key cryptography. Which one of these slides can we? Let's let's look at this and see what it summarizes Some of the things we've already said For public key cryptography. It should be easy to generate your key pair Okay, you don't just randomly choose keys. You follow an algorithm to create a pair of keys and so one requirement is that anyone can generate a key pair and By easy you can use some software to do it and we'll do it as a homework task You will one day and you can generate it with software in a few seconds generate a key pair. So that's possible It should be easy to encrypt messages Okay, this is a practical requirement that is To encrypt using some key say a public key of B. It should be fast Few seconds, for example, it shouldn't take forever to do so If you know the other key in the key pair For example, if the message is encrypted with a public key of B and you know the private key of B So you are B then it should be easy to decrypt so again just a practical requirement in that We need an algorithm such that we can do these things fast so that people will use it the next two four or five of the security requirements It should be hard. We say computationally infeasible means that if we it would take too long to do it Take forever to compute it If you know the public key of B and you know the ciphertext it should be practically impossible to find the private key of B Okay, so we shouldn't be able to work back and find the private key of someone But they are related So the way that the keys are generated they follow some steps So there is an algorithm such that you generate the public and private key in a key pair But it should be hard for someone knowing just one of them the public key for example to work out the private key And the other requirement is that if we know a public key in the ciphertext it should be hard to find the message so Should be hard to decrypt if you don't have the private key and it should be hard to find the private key the other two basic requirements and the algorithms like RSA and Diffie-Hellman Designs such that these requirements are met and they're designed in such a way that To find the private key given the public key Requires solving some computationally difficult mathematical operation In terms of RSA involves factoring numbers into their primes So any number Can be written as a Multiplication of a set of primes Okay, so we talk about a number has factors or a number has prime factors and the RSA algorithm relies on the fact that For an attacker to find the private key It would have to take some large number and find the prime factors of that and it turns out that there are no known Ways to do that in reasonable time. I'll show some statistics soon But most of the public key algorithms depend upon solving complex mathematical operations We will not have time to discuss them. There are a few slides on that. I know you're disappointed so You you can discuss you can read about them in your own time if you want to know how those algorithms work Number six is just that some algorithms. We'd like to be able to use the keys in opposite order encrypt with public key decrypt with private key or Encrypt with private key decrypt with public key. That's not a hard requirement I think that will be about enough for public key. We can do brute-force attacks try and guess the key How do we stop that make the key large enough and there are other? Theoretical attacks on some of the algorithms, but in practice Not not very efficient this gives RSA So RSA is a very widely used public key algorithm It's described in these seven or eight lines of text. So that's the algorithm there It looks simple, but it turns out that it's very secure But we will not cover how RSA works RSA, but we will say something about the the security of it RSA depends upon The difficulty of factoring a large number into its primes Everyone remembers their primes for example factor 24 into its primes What's the answer? What are the prime factors of 24? 24 The numbers which we mold the prime numbers which we multiply together that gives us 24. So what is it? two times two times two times three Gives us 24 two and three of primes So with RSA we usually need to factor one number into its two prime factors for example What are the prime factors of 35? 7 and 5 7 and 5 are both primes So the challenge there is given 35 find find the prime factors. That's easy with RSA given a very large number instead of 35 a number which is 1,000 bits long for example or 2,000 bits long find the prime factors and There are no known ways to do that fast So people have done some some tests for example in 2009 given a number which is 232 digits long Not 35, but a large number That's the length if we write it down in 2009 it took Something like 2,000 Processing years on on a single computer to factor that into its primes Of course, they didn't use a single computer. They use many computers But that was some measure of the difficulty it takes to factor a large number into its primes So nowadays we measure RSA by the length of this large number that we need to factor into primes So when you use RSA you'll see mentions to a thousand and twenty four bits two thousand and forty eight bits and so on and it turns out that taking a number of that length and Finding the prime factors is not possible And that's why RSA is considered secured You don't need to know about why that's the case But just to be aware when you use RSA usually you need to choose a key length And it will be one of those three values a thousand and twenty four 2048 4096 the larger the value the more secure But usually the less The less well it performs The problem with public key cryptography compared to symmetric key is it's much slower to encrypt have we done a speed test before? Open SSL is some encryption software. I can do a speed test. What's a symmetric key cipher? Common quiz or exam question not know how the ciphers work, but be aware of some of the popular ones What's a symmetric key cipher we've mentioned? The abbreviation a symmetric key cipher if you don't know look through your slides That what is a symmetric key cipher the name of one one of the Widely used symmetric key ciphers for one of the original ones Again, what is it? AES, okay, that's the widely used symmetric key cipher the advanced encryption standard It I can use 128 bit key which is sort of one of the basic ones Let's see if this works This just runs a speed test where my software goes away and encrypts or decrypts many blocks per second And I'll stop it there It in this case for over three seconds it Encrypted 11 million blocks of random plain text So in three seconds it does 11 let's approximate say about 12 million encryptions in three seconds About four million per second So my computer can encrypt using a symmetric key cipher about four million blocks per second It's hard to compare, but I'll just give it an indication if we use RSA and I made a mistake I'll just type RSA speed test with a public key cipher Which one is faster now it's doing RSA encryption with It goes for 10 seconds. I'll stop it there. So we don't have to wait for example in this case Using the private key so encrypting with a private key Which is authentication it could do what? 100,000 in 10 seconds 100,000 encryptions in 10 seconds is about 10,000 encryptions in one second So with RSA and it's not a direct comparison, but about 10,000 encryptions in one second with a yes with a yes in one second it does about four million three and a half or four million encryptions per second It did 11 million in three seconds, which is almost four million in one second So there's the difference RSA about 10,000 per second a yes about four million per second So this is just demonstrating that symmetric key ciphers are much much faster than public key ciphers And that's has an impact on where we use them Again, you cannot use those numbers directly to compare but as an indicator of performance, so it's okay The point is that public key cryptography we cannot use to encrypt large amounts of data because it's too slow and Hence it's widely used in encrypting for signatures Remember a signature we encrypt just the hash value only a small amount of data So it's okay for that but encrypting large files. We generally don't use public key cryptography I mean it can be used, but it's it's too slow You might as well just use symmetric keys of cryptography for large files and in practice what happens is that? Symmetric key cryptography is used for data encryption large amounts of data public key cryptography is used for signatures or Encrypting small amounts of data and a Small amount of data that we often want to encrypt is a secret key used by symmetric key cryptography Remember with symmetric key cryptography both users need to know a shared secret key. I choose a random number 256 bits and I give it to you and We have a shared secret key, but one of our problems was how do I get that secret key to you across a network? How do I send you a secret? Anyone an idea? Encrypted with what? Hash doesn't provide encryption. Let's have a look Come back to symmetric key ciphers, and I think this will be the last thing that we need really in this topic Virtual private network encrypts data with a key. So you need a key up front so our problem again A and B want to communicate using symmetric key encryption a chooses a key Let's say it creates a random key KAB Before it can send data encrypted using that key. It needs to send the key to be How does it do so? Of course, we cannot send it in plain text Because someone could intercept the key and therefore it's no longer secret. So a common way to do it the concept is to obtain the public key of B So now let's combine symmetric and and public key crypto crypto We encrypt using the public key of B KAB and Send that to be Encrypting using the destinations public key is providing confidentiality with public key crypto I and send that to be be decrypts and they get KAB So this is say the ciphertext See we send that to be be decrypts The received value with what key? B will decrypt with their own private key and they'll get as an output KAB now we have a shared secret key between A and B and Now when we want to send data we switch to using symmetric key encryption So now we have a message to send Subsequent data we encrypt using a symmetric key cipher We should have denoted what ciphers were used here this Black one was using for example RSA and now we use an alternative for example We encrypt using KAB Our message the data we want to communicate and in this case we'd use a symmetric key cipher for example AES and Then when we decrypt We use a shared secret key So in fact, we do it in two steps exchange a secret using public key cryptography then exchange data using symmetric key cryptography and We take advantage of both of their advantages that is the advantage of symmetric key cryptography is it's fast So when we have a lot of data either at many messages or large messages Encrypting them with symmetric key crypto like AES is much faster than using public key crypto The advantage of public key cryptography is that we can encrypt something using a key without having to obtain that key via some secret medium a Encrypted the shared secret key using the public key of B So as long as we know the public key of B this works So that's a common way in which both ciphers are used Correct RSA is an example of public key cryptography. AES is an example of symmetric key cryptography Encrypt a secret using RSA encrypt your data using AES and Keep if you have more data to send you can keep using the symmetric key cryptography so just use the public key crypto for key exchange really Exchange a secret any questions on that approach Correct exchange a key with a using public key cryptography Once you have that key then encrypt your data using symmetric key cryptography So that's a common way that the different types are used so let's to finish this topic will There's three more after public key crypto the key management and random numbers will say very briefly about Signatures we've covered so we've already jumped to them. So we'll finish that in the next Five or ten minutes so we can move on next week Some assumptions so far about public key crypto a pair of keys One used for encryption one for decryption Think every user has their key pair. So one of your homework tasks will be to generate your own key pair Everyone can generate their own key pair encrypt Encrypting with one key in the key pair produce the ciphertext You can only successfully decrypt with the other key in that same key pair. That's our assumption If we decrypt with the wrong key We'll be able to recognize that So that's some assumptions we've used so far What about the last topics key management is this issue of how do we get keys to each other and we just saw an example? This is one example of key management a very simple example. How do I get the secret between a and b use public key crypto? But with this one, how does a learn the public key of B? That's another challenge and there are ways to try and exchange keys Exchange keys in an automatic way across a network And we will not go through them We will see more detailed example of key management when we look at web security and digital certificates But it's about how do you share a secret key? We just saw one example How do you obtain someone else's public key? Sounds obvious just tell them but how are you sure it's not something pretending to be someone else and another aspect of key management is when to change keys Like when do you change passwords? How often should you change passwords? The similar concept applies How often should you change your keys? Don't use the same secret key forever Okay, so there are some guidelines of when to change and how to automatically change, but I'll not go through them We'll assume for now on that that we can somehow exchange a secret key Without someone else learning the value of that secret key and that we can obtain the correct public key That we've got means to do that digital signatures we've seen we've mentioned that Well, we didn't mention this the aim is to prove Just to anyone that once we have a message that it came from a particular user Now be careful Symmetric key cryptography cannot be used for the digital signature in Symmetric key cryptography How many people have a secret key? If I have KAB then there's someone else that has KAB So with symmetric key cryptography two people have that key With public key cryptography only one person in the world has the private key So we can use that for a signature because it's proof to others That a signed message came from that one person We can't do that with symmetric key cryptography because what could happen is that let's say I encrypt a message with a shared secret key KAB and Then someone has a copy of this message Maybe the hash is encrypted with KAB and we later need to prove to others that it came from user a Yeah, we need to prove for some some legal reasons that this message message came from user a There's no way to prove to anyone that it came from a a The message if it was encrypted with a secret key KAB could have came from a or B Because both a and B have the secret so in symmetric key cryptography Because two people know the secret There is no way to prove that that message came from just one person it could have come from two in the world with public key cryptography Only one person in the world has the private key so that forms as a way to prove that a message comes from that one person So we only use public key cryptography for signatures we went through these operations in General the concept is we encrypt using your private key in practice We encrypt the hash of a message using your private key to obtain a signature and We decrypt with a public key to verify that signature. There are different algorithms for signatures RSA can be used. There's one called the digital signature algorithm DSA and a few variants So some are listed there and Different hash algorithms are used. So remember we have a hash algorithm here. Which one to use char is common So the assumptions will make from now on a Digital signature is the encrypted hash value of a message where the key we use is a private key of some user And once we receive a digital signature, we can verify it Using the public key this last topic random numbers We'll see throughout Different security mechanisms. We use random numbers for different reasons. We've seen already. I've said generate a secret key Choose a random value Well, it should be truly random It turns out For computers to generate random numbers is not easy How do you generate a random number on your computer? How can you generate a random number? What type it in from your head? Call the RAND function. Okay. How is the RAND function implemented if? right, so The random so there's usually some random function provided by a library of a different programming language and one Characteristic of those random functions is you can usually specify an input. It's called a seed to specify some Mode of the the algorithm to use How but how is that implemented? The computer has some code that implements the random function, but remember it's just some deterministic set of code that we can work out It just creates a value of following some algorithm, so it's not truly random Because it's following some steps that we can in fact predict what would happen It's very hard to generate random numbers, which are what we call truly random Because a computer just follows steps that we program it to do Which is not really random. It's something that is Deterministic a good way to generate random numbers is to I think I have it here is to measure some non-deterministic source measure radiation from the atmosphere or different devices and It's believed generally that they are very close to random in that they generate variations, which we can consider random measure some noise generated from electronics or circuits or Maybe some operations on computer hardware So that those events Follow some randomness and they are considered So if you buy hardware that does these things they can be referred to as true random number generators But not many people have such hardware in their computer to to measure radiation for example So in fact when we talk about random numbers The RAND function in your computer. It's really a pseudo random number generator It's not truly random. It pretends to be random But we're not going to cover the details of that that is we're going to assume that The random number generators that we have available Can generate effectively true random number generator random numbers It turns out in practice many of the flaws in cryptography Come down to poor random numbers badly chosen random numbers There have been some substantial attacks based upon weakness in random number generators But no time to cover that in this course We've gone through symmetric key cryptography Generally used for file encryption or encryption of data across a network two examples are AES and triple des an extension of des We've gone through public key cryptography and it's mainly used for key exchange or digital signatures authenticating the source and There's some examples as RSA. There's Diffie helman and a few others We skipped over but we may have quickly mentioned there's Mac functions used for authentication But we focused on hash functions used for authentication. We saw some examples of using MD5 or char Usually public key cryptos combine with hash functions to produce digital signatures which we've just covered random numbers are very important and The algorithms for creating random numbers are very important But for our course we will not cover how they work. Let's finish with this slide This just lists some principles that we'll see throughout the course some we've mentioned some Will come across again Some principles that we'll often talk about with respect to cryptographic algorithms is that experience is important That is algorithms that have been used for a long time are generally considered less likely to have problems than new algorithms Okay, so someone designs a new cipher a new version which they say is more secure than AES faster than AES Generally in cryptography, we'd like to see some experience of using that cipher before we really believe it's more secure and faster That's why you often see that Systems use algorithms which are quite old 10 20 years old in some cases because people are not so trustworthy of new Systems until they've really been tested a lot So that's something that comes up with respect to performance we It's almost always the case that symmetric key algorithms are much faster than public key So if you want to encrypt something a lot of data use symmetric key algorithms Most algorithms the more data we encrypt the longer it will take and There's a linear relationship between the time and the size of the data you encrypt a file Which is one megabyte and it takes two seconds Therefore, we assume you encrypt a file which is two megabytes. It would take four seconds So as you increase the data size you'll increase the time we didn't talk much about it, but One principle we'll use is that if you use secret keys you should Change them Quite often do not reuse the same key forever Similar to passwords if you use a password in theory You should change it quite often to reduce the chance that an attacker can discover that password the same as for keys and With keys if you want to give a key to someone else we need automatic ways to do that We cannot say write the key on a piece of paper and deliver it to them. That doesn't work in large networks So we need Protocols and automatic means to distribute keys. We cannot rely on manual means Last thing Which will come out through the course? Multi-layer security refers to using different multiple security mechanisms to increase the security of a system Don't just use one system Or one security mechanism and rely on that Use one and then maybe on top of that use another security mechanism and build them up such that if one has a floor Then you have the backups of the others and we'll see that as we go through Some different topics if you want to explore some other areas look at those topics. What we'll do next week is look at The topic of what what's next? someone remind me authentication Indicating not computers but humans. I think it's the next topic Passwords how do we make sure that a human is who they say they are?